/* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.net.ipsec.test.ike; import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_DEFAULT; import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MAXIMUM; import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_HARD_LIFETIME_SEC_MINIMUM; import static android.net.ipsec.test.ike.ChildSessionParams.CHILD_SOFT_LIFETIME_SEC_DEFAULT; import static android.system.OsConstants.AF_INET; import static android.system.OsConstants.AF_INET6; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DHCP; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_DNS; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS; import static com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_DNS; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; import android.net.InetAddresses; import android.util.SparseArray; import com.android.internal.net.ipsec.test.ike.message.IkeConfigPayload.ConfigAttribute; import org.junit.Before; import org.junit.Test; import java.net.Inet4Address; import java.net.Inet6Address; import java.util.concurrent.TimeUnit; public final class TunnelModeChildSessionParamsTest { private static final int NUM_TS = 2; private static final int IP6_PREFIX_LEN = 64; private static final int INVALID_ADDR_FAMILY = 5; private static final Inet4Address IPV4_ADDRESS = (Inet4Address) InetAddresses.parseNumericAddress("192.0.2.100"); private static final Inet6Address IPV6_ADDRESS = (Inet6Address) InetAddresses.parseNumericAddress("2001:db8::1"); private static final Inet4Address IPV4_DNS_SERVER = (Inet4Address) InetAddresses.parseNumericAddress("8.8.8.8"); private static final Inet6Address IPV6_DNS_SERVER = (Inet6Address) InetAddresses.parseNumericAddress("2001:4860:4860::8888"); private static final Inet4Address IPV4_DHCP_SERVER = (Inet4Address) InetAddresses.parseNumericAddress("192.0.2.200"); private ChildSaProposal mSaProposal; @Before public void setup() { mSaProposal = new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, SaProposal.KEY_LEN_AES_128) .build(); } private void verifyCommon(TunnelModeChildSessionParams childParams) { assertArrayEquals(new SaProposal[] {mSaProposal}, childParams.getSaProposalsInternal()); assertEquals(NUM_TS, childParams.getInboundTrafficSelectorsInternal().length); assertEquals(NUM_TS, childParams.getOutboundTrafficSelectorsInternal().length); assertFalse(childParams.isTransportMode()); } private void verifyAttrTypes( SparseArray expectedAttrCntMap, TunnelModeChildSessionParams childParams) { ConfigAttribute[] configAttributes = childParams.getConfigurationAttributesInternal(); SparseArray atrrCntMap = expectedAttrCntMap.clone(); for (int i = 0; i < configAttributes.length; i++) { int attType = configAttributes[i].attributeType; assertNotNull(atrrCntMap.get(attType)); atrrCntMap.put(attType, atrrCntMap.get(attType) - 1); if (atrrCntMap.get(attType) == 0) atrrCntMap.remove(attType); } assertEquals(0, atrrCntMap.size()); } @Test public void testBuildChildSessionParamsWithoutConfigReq() { TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder().addSaProposal(mSaProposal).build(); verifyCommon(childParams); assertEquals(0, childParams.getConfigurationAttributesInternal().length); assertEquals(CHILD_HARD_LIFETIME_SEC_DEFAULT, childParams.getHardLifetimeSeconds()); assertEquals(CHILD_SOFT_LIFETIME_SEC_DEFAULT, childParams.getSoftLifetimeSeconds()); } @Test public void testBuildChildSessionParamsWithLifetime() { int hardLifetimeSec = (int) TimeUnit.HOURS.toSeconds(3L); int softLifetimeSec = (int) TimeUnit.HOURS.toSeconds(1L); TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .setLifetimeSeconds(hardLifetimeSec, softLifetimeSec) .build(); verifyCommon(childParams); assertEquals(0, childParams.getConfigurationAttributesInternal().length); assertEquals(hardLifetimeSec, childParams.getHardLifetimeSeconds()); assertEquals(softLifetimeSec, childParams.getSoftLifetimeSeconds()); } @Test public void testBuildChildSessionParamsWithAddressReq() { TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .addInternalAddressRequest(AF_INET) .addInternalAddressRequest(AF_INET6) .addInternalAddressRequest(AF_INET6) .addInternalAddressRequest(IPV4_ADDRESS) .addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN) .build(); verifyCommon(childParams); SparseArray expectedAttrCntMap = new SparseArray<>(); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_ADDRESS, 2); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_ADDRESS, 3); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_NETMASK, 1); verifyAttrTypes(expectedAttrCntMap, childParams); } @Test public void testBuildChildSessionParamsWithDnsServerReq() { TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .addInternalDnsServerRequest(AF_INET) .addInternalDnsServerRequest(AF_INET6) .addInternalDnsServerRequest(IPV4_DNS_SERVER) .addInternalDnsServerRequest(IPV6_DNS_SERVER) .build(); verifyCommon(childParams); SparseArray expectedAttrCntMap = new SparseArray<>(); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_DNS, 2); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_DNS, 2); verifyAttrTypes(expectedAttrCntMap, childParams); } @Test public void testBuildChildSessionParamsWithDhcpServerReq() { TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .addInternalDhcpServerRequest(AF_INET) .addInternalDhcpServerRequest(AF_INET) .addInternalDhcpServerRequest(AF_INET) .addInternalDhcpServerRequest(IPV4_DHCP_SERVER) .build(); verifyCommon(childParams); SparseArray expectedAttrCntMap = new SparseArray<>(); expectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_DHCP, 4); verifyAttrTypes(expectedAttrCntMap, childParams); } @Test public void testBuildChildSessionParamsWithDhcp6SeverReq() { try { new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .addInternalDhcpServerRequest(AF_INET6) .addInternalDhcpServerRequest(AF_INET6) .addInternalDhcpServerRequest(AF_INET6) .build(); fail("Expected to fail because DHCP6 is not supported."); } catch (IllegalArgumentException expected) { } } @Test public void testBuildChildSessionParamsWithInvalidDhcpReq() { try { new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .addInternalDhcpServerRequest(INVALID_ADDR_FAMILY) .build(); fail("Expected to fail due to invalid address family value"); } catch (IllegalArgumentException expected) { } } @Test public void testSetHardLifetimeTooLong() throws Exception { try { new TunnelModeChildSessionParams.Builder() .setLifetimeSeconds( CHILD_HARD_LIFETIME_SEC_MAXIMUM + 1, CHILD_SOFT_LIFETIME_SEC_DEFAULT); fail("Expected failure because hard lifetime is too long"); } catch (IllegalArgumentException expected) { } } @Test public void testSetHardLifetimeTooShort() throws Exception { try { new TunnelModeChildSessionParams.Builder() .setLifetimeSeconds( CHILD_HARD_LIFETIME_SEC_MINIMUM - 1, CHILD_SOFT_LIFETIME_SEC_DEFAULT); fail("Expected failure because hard lifetime is too short"); } catch (IllegalArgumentException expected) { } } @Test public void testSetSoftLifetimeTooLong() throws Exception { try { new TunnelModeChildSessionParams.Builder() .setLifetimeSeconds( CHILD_HARD_LIFETIME_SEC_DEFAULT, CHILD_HARD_LIFETIME_SEC_DEFAULT); fail("Expected failure because soft lifetime is too long"); } catch (IllegalArgumentException expected) { } } @Test public void testSetSoftLifetimeTooShort() throws Exception { try { new TunnelModeChildSessionParams.Builder() .setLifetimeSeconds(CHILD_HARD_LIFETIME_SEC_DEFAULT, 0); fail("Expected failure because soft lifetime is too short"); } catch (IllegalArgumentException expected) { } } @Test public void testConstructTunnelModeChildParamsCopy() throws Exception { TunnelModeChildSessionParams childParams = new TunnelModeChildSessionParams.Builder() .addSaProposal(mSaProposal) .setLifetimeSeconds( (int) TimeUnit.HOURS.toSeconds(3L), (int) TimeUnit.HOURS.toSeconds(1L)) .addInternalAddressRequest(AF_INET) .addInternalAddressRequest(AF_INET6) .addInternalAddressRequest(IPV4_ADDRESS) .addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN) .addInternalDnsServerRequest(AF_INET) .addInternalDnsServerRequest(AF_INET6) .addInternalDhcpServerRequest(AF_INET) .build(); TunnelModeChildSessionParams result = new TunnelModeChildSessionParams.Builder(childParams).build(); assertEquals(childParams, result); } }